Rules

A rule contains a resource, one or more actions,
and a value. Each action can have one or more values.

A resource defines the specific object
that is being protected; for instance, an HTML page or a user’s salary
information accessed using a human resources service.

An action is the name of an operation
that can be performed on the resource; examples of web server actions are
POST or GET. An allowable action for a human resources service , for example,
can change a home telephone number.

A value defines the permission for the
action, for example, allow or deny.

Note –

It is acceptable to define an action without resources for some
services.